Mosquitto: Difference between revisions
m added link to manual |
add advanced setup from old wiki |
||
Line 17: | Line 17: | ||
} | } | ||
]; | ]; | ||
}; | |||
networking.firewall = { | |||
enable = true; | |||
allowedTCPPorts = [ 1883 ]; | |||
}; | |||
</syntaxHighlight> | |||
== Advanced Setup == | |||
The following more advanced setup also enables a local Mosquitto server listening on port <code>1883</code>, but with some setting overrides, a simple user definition containing ACL statements, and a bridge configuration that connects this Mosquitto instance to an AWS IoT Core broker using Mutual TLS. The configured topics are transparently copied between the two brokers (no local or remote prefixes are added to the topic names). | |||
<syntaxHighlight lang="nix"> | |||
services.mosquitto = { | |||
enable = true; | |||
listeners = [{ | |||
address = "192.168.0.1"; | |||
port = 1883; | |||
users.iotdevice = { | |||
acl = [ | |||
"read IoT/device/action" | |||
"write IoT/device/observations" | |||
"write IoT/device/LW" | |||
]; | |||
password = "mysweetpassword-or-use-hashedPassword"; | |||
}; | |||
}]; | |||
bridges."aws_iot_core" = { | |||
addresses = [{ | |||
address = "foobar.iot.us-west-2.amazonaws.com"; | |||
port = 8883; | |||
}]; | |||
topics = [ | |||
"IoT/device/action in 1 \"\"" | |||
"IoT/device/observations out 1 \"\"" | |||
"IoT/device/LW out 0 \"\"" | |||
]; | |||
settings = { | |||
local_clientid = "NiXOS-Mosquitto"; | |||
remote_clientid = "NiXOS-Mosquitto"; | |||
cleansession = true; | |||
notifications = false; | |||
start_type = "automatic"; | |||
bridge_protocol_version = "mqttv311"; | |||
bridge_outgoing_retain = false; | |||
bridge_insecure = false; | |||
bridge_cafile = "/persist/etc/mosquitto/AmazonRootCA1-RSA.pem"; | |||
bridge_certfile = "/persist/etc/mosquitto/certificate.pem"; | |||
bridge_keyfile = "/persist/etc/mosquitto/private.pem.key"; | |||
}; | |||
}; | |||
}; | }; | ||
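Review bot: The `password = "mysweetpassword-or-use-hashedPassword";` line in the `users.iotdevice` block writes a plaintext credential into the system configuration, and on NixOS that ends up in the world-readable Nix store. The example would be safer showing a file-based option that keeps the secret out of the store, for instance `hashedPasswordFile = "/path/to/iotdevice.hashed";` (placeholder path), with the plaintext form mentioned only as a testing shortcut. The listener shown on port 1883 has no TLS settings, so this password would presumably cross the network unencrypted; a sentence before the listing should say so. The same sentence could note that the file named in `bridge_keyfile` must be readable only by the Mosquitto service user.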